[kube-prometheus-stack] Hardcoded scheme for AlertManager reloader endpoint causes issues for mTLS users #4039
Labels
bug
Something isn't working
Comments
verejoel
changed the title
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug a clear and concise description of what the bug is.
Hardcoded scheme for AlertManager reloader endpoint causes issues for users with Istio (or in general, enforced mTLS)
What's your helm version?
version.BuildInfo{Version:"v3.13.0", GitCommit:"825e86f6a7a38cef1112bfa606e4127a706749b1", GitTreeState:"clean", GoVersion:"go1.21.1"}
What's your kubectl version?
Client Version: v1.28.2 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: v1.28.3
Which chart?
kube-prometheus-stack
What's the chart version?
54.2.2
What happened?
PR #3815 hardcoded the scheme for the config reloader endpoint. While well intended, this means that users of Istio (or any other sidecar proxy) now have issues, as the proxy enforces mTLS and therefore requires an HTTPS connection, with custom TLS config.
What you expected to happen?
Functionality would remain the same, or at least be configurable as it was before.
How to reproduce it?
Upgrade from 51.8.1 to 54.2.2 and observe that the scheme for the reloader endpoint is now hardcoded.
Enter the changed values of values.yaml?
NONE
Enter the command that you execute and failing/misfunctioning.
helm template --debug --disable-openapi-validation -n monitoring kube-prometheus-stack .
Anything else we need to know?
I would propose to just undo this change, and set reasonable defaults for the typical case.
The text was updated successfully, but these errors were encountered: